Charles Mcauley

**Name of the Vulnerable Software and Affected Versions** Internet Explorer version 6 **Description** The issue allows remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. **Recommendations** For Internet Explorer version 6, consider disabling the use of Javascript keystroke events OnKeyDown, OnKeyPress, and OnKeyUp as a temporary workaround until a patch is available. Restrict access to file upload input controls to minimize the risk of exploitation. Avoid using file upload features in Internet Explorer version 6 until the issue is resolved.